CVE-2006-7123: SQL Injection
First published: Tue Mar 06 2007(Updated: )
Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joomla BSQ Sitestats | =1.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-7123?
CVE-2006-7123 is considered a high severity vulnerability due to its potential for remote arbitrary SQL command execution.
How do I fix CVE-2006-7123?
To fix CVE-2006-7123, upgrade to BSQ Sitestats version 2.2.1 or later, which addresses these SQL injection vulnerabilities.
Which versions of BSQ Sitestats are affected by CVE-2006-7123?
CVE-2006-7123 affects BSQ Sitestats versions 1.8.0 and possibly earlier versions before 2.2.1.
What can attackers achieve with CVE-2006-7123?
Attackers exploiting CVE-2006-7123 can execute arbitrary SQL commands, potentially compromising the database.
Is CVE-2006-7123 a common vulnerability in Joomla extensions?
CVE-2006-7123 highlights a common issue with SQL injection vulnerabilities that can occur in Joomla extensions.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/joomla
- canonical/joomla bsq sitestats
- version/joomla bsq sitestats/1.8.0